Active Directory synchronization Active Directory for McAfee ePO Cloud lets you synchronize your systems and organizational units from your Active Directory structure and mirror them in McAfee ePO Cloud. With the Active Directory integration to your McAfee ePO Cloud, you can perform these system management tasks: Synchronize with your Active Directory structure, by importing systems, and the Active Directory subcontainers (as System Tree groups), and keeping them up-to-date with Active Directory. At each synchronization, both systems and the structure are updated in the System Tree to reflect the systems and structure of Active Directory. Control what to do with potential duplicate systems. Use the system description, which is imported from Active Directory with the systems. Apply policies to Active Directory users or user groups. Integrating the System Tree with your Active Directory While you integrate the System Tree with your Active Directory, you can configure the following: Delete systems from the System Tree when they are deleted from Active Directory. Allow or disallow duplicate entries of systems that exist elsewhere in the System Tree. Tag the newly imported or updated systems. Tip: Use an Active Directory synchronization server task to regularly synchronize the systems (and possibly the Active Directory structure) with the System Tree according to the synchronization settings. Types of Active Directory synchronization There are two types of Active Directory synchronization – systems and structure and systems only. Which one you use depends on the level of integration you want with Active Directory. Setting up your Active Directory ConnectorsWe recommend that you set up two systems as your Active Directory Connectors (AD Connectors). Synchronizing the System Tree with your Active Directory If your network runs Active Directory, you can use Active Directory synchronization to create, populate, and maintain parts of the System Tree. About Active Directory Connector activity log You can configure activity logging for your Active Directory Connector (ADC) from the Policy Catalog page. Assigning user-based policies User-based policy assignment rules give you the ability to create user-specific policy assignments.